A new Android vulnerability, Stagefright, just got released, potentially affecting 95% of all Android devices. This represents a massive number of Android devices: 950 million devices worldwide! What’s concerning most is that all a hacker needs to know to exploit Stagefright is the victim’s phone number. Even more alarming, under certain conditions, the victim need not do anything (no accepting, clicking, downloading, installing, etc.) for this exploit to take place.

The Problem

Stagefright is the name of the media library in the Android operating system that processes several different media formats. This library is written in C++ and is prone to memory corruption. Security researchers at Zimperium found several remote code execution vulnerabilities in this library–the worst of which requires no user intervention.

Among the possible attack vectors, attackers can exploit these vulnerabilities by crafting a special MMS message and sending it to the victim’s device. This vulnerability impacts all Android devices running 2.2 and higher versions of the operating system. The following CVEs were assigned to the Stagefright Android vulnerability:

CVE-2015-1538

CVE-2015-1539

CVE-2015-3824

CVE-2015-3826

CVE-2015-3827

CVE-2015-3828

CVE-2015-3829

Skycure’s Recommended Remediation

It is important to understand that this is a device-level vulnerability and a vendor issued update is critical to the fix. Please update your devices to the latest version as soon as the update is available. Some MMS applications auto-load attachments without giving the user a chance to delete them. Disabling auto-load will partially mitigate this vulnerability. An extreme way to mitigate the threat would be to completely turn off MMS messaging. However, that might not be an ideal solution for those adversely impacted by lost productivity.

The Enterprise edition of the Skycure Mobile Threat Defense solution offers a multi-layered solution to mitigate the Stagefright vulnerability:

Blocking of MMS on Vulnerable Devices: Skycure allows enterprises to manage all mobile vulnerabilities including Stagefright. Our solution can identify the devices at risk, and block MMS on vulnerable devices leveraging integration with an EMM solution such as AirWatch and MobileIron.

Enterprise Alerting: While not all the technical details of the vulnerability have been exposed, an early test by our researchers shows that the Enterprise edition of the Skycure Mobile Threat Defense app will alert both the user and enterprise IT professionals of malicious MMS messages that exploit the Stagefright vulnerability.

Malware Detection and Mitigation: Should an attacker put malware on an Android device via the Stagefright vulnerability (via MMS or other means), Skycure’s Malware Detection Engine will kick in as an additional layer of protection. In case of privilege escalation and device rooting, Skycure’s OS Vulnerability Analysis will also detect modifications to the underlying OS (as a result of it being rooted).

Download a free version of the Skycure app from both Apple and Google Play app stores to detect a plethora of mobile cyber attacks including physical, network, malware and vulnerability exploits. If you need help with assessing whether your organization is at risk because of the Stagefright vulnerability or any other mobile vulnerability, threat or attack, you can request a free trial here.

Skycure is a predictive mobile threat defense company with proactive defense solutions that actively detect and prevent cyberattacks on both BYO and corporate-owned devices without compromising user privacy or user experience. Skycure’s predictive technology is based on mobile threat intelligence gathered via massive crowd intelligence and sophisticated machine learning.